Privacy Policy

Last updated: March 20, 2026

STT.ai ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, and what choices you have. By using STT.ai, you agree to the practices described in this policy.

1. Information We Collect

Account Information

When you create an account, we collect your email address and, optionally, your name. If you sign in through a third-party provider (e.g., Google), we receive basic profile information from that provider.

Payment Information

When you purchase credits or subscriptions, payment is processed by our third-party payment providers (Stripe, Square). We do not store your full credit card number. We retain transaction records (amount, date, and payment method type) for accounting purposes.

Audio Files

When you upload audio for transcription, your files are sent to our GPU server for processing and deleted immediately after transcription is complete. We do not permanently store your audio files. Audio is transmitted over HTTPS (TLS 1.3) and processed in memory.

When you provide a URL for transcription (e.g., a YouTube or podcast link), the audio may be temporarily downloaded to disk on our server using yt-dlp before processing. These temporary files are deleted immediately after transcription is complete. The URL you provide is not stored after processing.

Transcripts

Generated transcripts are stored in your account so you can access them later. If you enable client-side encryption, the transcript is encrypted in your browser before being saved to our servers — we cannot read the stored version. Note: during processing, the server handles the transcript in plaintext before returning it to your browser for encryption. You may delete your transcripts at any time.

Usage Data

We collect basic usage information such as pages visited, features used, transcription requests made, timestamps, browser type, and IP address. This helps us improve the Service and diagnose issues.

2. Client-Side Encrypted Storage

STT.ai offers an optional client-side encryption mode for stored transcripts. When enabled, your transcript is encrypted in your browser using AES-256-GCM with a key derived from your password before being saved to our servers. We never have access to your encryption keys, and cannot read or recover encrypted transcripts. Note: audio must be sent unencrypted to our GPU for transcription — the encryption protects the stored transcript, not the processing step. For more details, visit our Security page.

3. How We Use Your Information

We use collected information to:

• Provide, maintain, and improve the Service.
• Process transactions and manage your account.
• Send transactional emails (receipts, account notifications, security alerts).
• Monitor for abuse and enforce our Terms of Service.
• Analyze aggregate usage trends to improve performance and features.

4. Cookies and Analytics

Essential Cookies

We use essential cookies that are necessary for the Service to function. These include:

• Session cookies: to keep you logged in and maintain your session.
• CSRF tokens: to protect against cross-site request forgery attacks.
• Language preference: to remember your selected language.

These cookies are strictly necessary and cannot be disabled without breaking the Service.

Analytics Cookies

We use Clicky for website analytics to understand how visitors interact with STT.ai. Clicky may set cookies to track page views and sessions. You can opt out of analytics tracking through your browser settings or by visiting our 14. Managing Your Privacy page.

Advertising Cookies

We do not use advertising cookies or trackers. We never have and we never will.

You can disable non-essential cookies (analytics) through your browser settings or our Privacy Settings page. Essential cookies cannot be disabled as they are required for the Service to function.

5. Data Sharing

We do not sell your personal data. We never have and we never will.

We share information only in the following limited circumstances:

• Payment processors: Stripe and Square process your payments. They operate under their own privacy policies.
• Legal requirements: We may disclose information if required by law, subpoena, or court order.
• Safety: We may share information if necessary to protect the rights, property, or safety of STT.ai, our users, or the public.

6. Voice Lab Contributions

STT.ai offers an optional Voice Lab program where you can contribute audio samples to help improve open-source speech recognition models. Participation is entirely voluntary and opt-in. Contributed audio is licensed under CC-BY-SA and may be included in publicly available datasets used to train open-source models. You can withdraw from the Voice Lab at any time through your account settings. Contributions made prior to withdrawal that have already been incorporated into released datasets may not be removable.

7. API Data Handling

If you use the STT.ai API, the same privacy protections apply. Audio submitted via the API is processed and deleted immediately. API request metadata (timestamps, endpoints, response codes) is logged for rate limiting and debugging purposes and is retained for up to 90 days.

8. Data Retention and Deletion

We retain different types of data for different periods:

• Audio files: Deleted immediately after transcription is complete. This includes both uploaded files and files temporarily downloaded from URLs.
• Transcripts: Stored until you delete them or until your account is deleted.
• Account data: Retained while your account is active. After account deletion, personal information is removed within 30 days, except where retention is required by law.
• Usage and analytics data: Anonymized after 90 days.
• Payment records: Retained as required by applicable tax and financial regulations.

You may delete your account at any time through your account settings or by emailing hello@stt.ai. When you delete your account, we remove your personal information and transcripts within 30 days, except where retention is required by law.

9. Your Rights Under GDPR

If you are located in the European Economic Area (EEA) or United Kingdom, you have the following rights under the General Data Protection Regulation (GDPR):

• Right of access: You may request a copy of the personal data we hold about you.
• Right to rectification: You may request that we correct inaccurate or incomplete data.
• Right to erasure: You may request that we delete your personal data.
• Right to data portability: You may request a machine-readable copy of your data.
• Right to restrict processing: You may request that we limit how we use your data.
• Right to object: You may object to our processing of your personal data.
• Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority in your country of residence.

Our legal bases for processing personal data under the GDPR include: performance of a contract (providing the Service), legitimate interest (improving the Service and preventing abuse), consent (analytics and marketing), and legal obligation (financial record-keeping).

To exercise any of these rights, please contact us at hello@stt.ai. We will respond within 30 days.

10. Your Rights Under CCPA

If you are a California resident, the California Consumer Privacy Act (CCPA) grants you the following rights:

• Right to know: You may request disclosure of the categories and specific pieces of personal information we have collected about you.
• Right to delete: You may request deletion of your personal information.
• Right to opt out of sale: We do not sell your personal information. There is nothing to opt out of.
• Right to non-discrimination: We will not discriminate against you for exercising your CCPA rights.

To submit a CCPA request, email hello@stt.ai.

11. Children's Privacy

Our servers are located in the United States. If you access the Service from outside the United States, your data will be transferred to and processed in the United States. Audio files may be processed on our US-based GPU servers. By using the Service, you consent to the transfer of your data to the United States.

For users in the EEA and UK, we rely on standard contractual clauses and other lawful transfer mechanisms to ensure your data is protected in accordance with GDPR requirements.

12. Security

STT.ai is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we discover that a child under 13 has created an account, we will promptly delete the account and associated data. If you believe a child under 13 is using the Service, please contact us at hello@stt.ai.

13. Changes to This Policy

You can export all of your transcripts at any time using the export feature in your account. Transcripts can be exported in multiple formats including TXT, SRT, VTT, DOCX, JSON, and PDF. If you need a full copy of all personal data we hold about you, contact us at hello@stt.ai and we will provide it within 30 days.

14. Managing Your Privacy

We implement industry-standard technical and organizational measures to protect your data, including encryption in transit (TLS), encryption at rest, and optional client-side encryption. For full details on our security practices, see our Security page.

15. Contact

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and notify users via email or an in-app notice. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

16. Managing Your Privacy

You can manage your privacy preferences, including analytics opt-out and data export, on the Privacy Settings page.

17. Contact and Data Protection

If you have any questions about this Privacy Policy, our data practices, or wish to exercise your data protection rights, please contact our Data Protection Officer at:

STT.ai
Data Protection Officer
Email: privacy@stt.ai
General inquiries: hello@stt.ai
Web: https://stt.ai